基于攻击识别的网络安全度量方法研究

doi:10.3969/j.issn.1671-1122.2021.11.003

摘要/Abstract

摘要：

目前,传统系统安全状态评估准则多为定性评估,其不足之处是不能量化风险,而定量评估方法大多存在评估不全面、识别攻击的精确率较低等问题。攻击识别技术对网络安全度量具有重要作用,文章采用静态评估与动态评估相结合的资产威胁脆弱性管理网络安全度量模型。静态评估使用AHP层次分析法,结合通用漏洞评分系统给出资产漏洞评分和管理评分。动态评估使用Dw-K-means++算法和XGBoost方法相结合,优化攻击识别的效果。综合静态评估与动态评估,给出网络系统总体的评估结果。文章使用公开数据集CICIDS2017证明了Dw-K-means++算法在大型数据集上的聚类优势,同时使用基于仿真实验的数据验证了网络安全度量模型的有效性。

关键词: 网络安全, 风险评估, AHP, Dw-K-means++, Dw-cluster-XGBoost

Abstract:

At present, most of the traditional system security state assessment criteria are qualitative assessment, The disadvantage of this method is that it can not quantify the risk, and there are many kinds of quantitative assessment methods, most of which have the problems of incomplete assessment and low accuracy of attack identification. Attack-based identification plays an important role in network security measurement, this paper proposed a network security measurement model of asset threat vulnerability management, which combined static assessment with dynamic assessment. Static evaluation used AHP analytic hierarchy process, combined with common vulnerability scoring system vulnerability evaluation system to rate asset vulnerability and management. In the aspect of dynamic evaluation, the combination of DW-K-means++ algorithm and XGBoost method were used to improve the effect of attack recognition. The overall evaluation results of the network system are given by combining static and dynamic evaluation. This paper uses public dataset CICIDS2017 to prove the clustering advantage of DW-K-means++ algorithm on large dataset. At the same time, the validity of the network security measurement model proposed in this paper is verified by the data based on simulation experiments.

Key words: network security, risk assessment, AHP, Dw-K-means++, Dw-cluster-XGBoost

中图分类号:

TP309

赵小林, 赵斌, 赵晶晶, 薛静锋. 基于攻击识别的网络安全度量方法研究[J]. 信息网络安全, 2021, 21(11): 17-27.

ZHAO Xiaolin, ZHAO Bin, ZHAO Jingjing, XUE Jingfeng. Research on Network Security Measurement Method Based on Attack Identification[J]. Netinfo Security, 2021, 21(11): 17-27.

图/表 14

图1

图2

图3

表1

表2

表3

表4

表5

表6

表7

表8

表9

图4

图5

参考文献 20

[1]	SHI Leyi, LIU Jia, LIU Weihao, et al. Survey of Research on Network Security Situation Awareness[J]. Computer Engineering and Applications, 2019, 55(24):1-9.
	石乐义, 刘佳, 刘伟豪, 等. 网络安全态势感知研究综述[J]. 计算机工程与应用, 2019, 55(24):1-9.
[2]	DU Jiawei, ZHOU Ying, GUO Ronghua, et al. Network Security Situational Awareness[M]. Beijing: China Machine Press, 2018.
	杜嘉薇, 周颖, 郭荣华, 等. 网络安全态势感知[M]. 北京: 机械工业出版社, 2018.
[3]	LI Xuebin, FAN Jiulun, LIU Yixian. On Information System Vulnerabilities Assess Based on Analytic Hierarchy Process and Common Vulnerability Score System[J]. Journal of Xi’an University of Post and Telecommunications, 2016, 21(1):42-46.
	黎学斌, 范九伦, 刘意先. 基于AHP和CVSS的信息系统漏洞评估[J]. 西安邮电大学学报, 2016, 21(1):42-46.
[4]	LIU Zhiming, LI Sheng, HE Jin, et al. Complex Network Security Analysis Based on Attack Graph Model[C]// IEEE. 2012 Second International Conference on Instrumentation, Measurement, Computer, Communication and Control, December 8-10, 2012, Harbin, China. Piscataway: IEEE, 2012: 183-186.
[5]	FENG Yi, HUANG Yicai, FU Zhengxin. A Logic-based Attack Graph for Analyzing Network Security Risk Against Potential Attack[C]// IEEE. 2018 IEEE International Conference on Networking, Architecture and Storage(NAS), October 11-14, 2018, Chongqing, China. Piscataway: IEEE, 2018: 1-4.
[6]	SANTOSH K, ANURADHA N, KESHAV P, et al. Evaluation of Network Risk Using Attack Graph Based Security Metrics[C]// IEEE. 2016 IEEE 14th International Conference on Dependable, Autonomic and Secure Computing, August 8-12, 2016, Auckland, NewZealand. Piscataway: IEEE, 2016: 91-93.
[7]	WANG Jiao, FAN Kefeng, MO Wei, et al. A Method for Information Security Risk Assessment Based on the Dynamic Bayesian Network[C]// IEEE. 2016 International Conference on Networking and Network Applications (NaNA), July 23-25, 2016, Hakodate, Japan. Piscataway: IEEE, 2016: 279-283.
[8]	KOTENKO I, PARASHCHUK I. An Approach to Modeling the Decision Support Process of the Security Event and Incident Management Based on Markov Chains[J]. IFAC-PapersOnLine, 2019, 52(13):934-939.
[9]	LI Xi, LU Yu, NIE Wei. Network Security Situation Assessment Method Based on Markov Game Model[J]. KSII Transactions on Internet and Information Systems, 2018, 12(5):2414-2428.
[10]	HAYATLE O, OTROK H, YOUSSEF A. A Markov Decision Process Model for High Interaction Honeypots[J]. Information Security Journal, 2013, 22(4):159-170.
[11]	ZHAO Zhongwei, ZHOU Tingting, WANG Huan. Quantitative Evaluation Model of Network Security Situation Based on D-S Evidence Theory[C]// IEEE. 2019 6th International Conference on Dependable Systems and Their Applications (DSA), January 1-3, 2020, Harbin, China. Piscataway: IEEE, 2020: 371-376.
[12]	LIU Zihao, ZHANG Bin, ZHU Ning, et al. Hierarchical Network Threat Situation Assessment Method for DDoS Based on D-S Evidence Theory[C]// IEEE. 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), July 22-24, 2017, Beijing, China. Piscataway: IEEE, 2017: 49-53.
[13]	ANAND S J V, PRANAV I, NEETISH M, et al. Network Intrusion Detection Using Improved Genetick-means Algorithm[C]// IEEE. 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), September 19-22, 2018, Bangalore, India. Piscataway: IEEE, 2018: 2441-2446.
[14]	CHEN Tianqi, GUESTRIN C. XGBoost: A Scalable Tree Boosting System[C]// ACM. Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, August 13-17, 2016, San Francisco, CA, United States. New York: ACM, 2016: 785-794.
[15]	CALISIR S, ATAY R, PEHLIVANOĞLU M K, et al. Intrusion Detection Using Machine Learning and Deep Learning Techniques[C]// IEEE. 2019 4th International Conference on Computer Science and Engineering (UBMK), September 1-3, 2019, Samsun, Turkey. Piscataway: IEEE, 2019: 656-660.
[16]	HU Changzhen. Calculation of the Behavior Utility of a Network System: Conception and Principle[J]. Engineering, 2018, 4(1):78-84. doi: 10.1016/j.eng.2018.02.010 URL
[17]	ZHAO Xiaolin, ZHANG Yiman, SHAN Chun, et al. Research on Network Risk Evaluation Method Based on a Differential Manifold[J]. IEEE Access, 2020, 8(4):66315-66326. doi: 10.1109/Access.6287639 URL
[18]	ZHAO Xiaolin, CHEN Quanbao, XUE Jingfeng, et al. A Method for Calculating Network System Security Risk Based on a Lie Group[J]. IEEE Access, 2019, 7(5):70610-70623. doi: 10.1109/Access.6287639 URL
[19]	SUN Hongyu, HE Yuan, WANG Jice, et al. Application of Artificial Intelligence Technology in the Field of Security Vulnerability[J]. Journal on Communications, 2018, 39(8):1-17.
	孙鸿宇, 何远, 王基策, 等. 人工智能技术在安全漏洞领域的应用[J]. 通信学报, 2018, 39(8):1-17.
[20]	SHARAFALDIN I, LASHKARI A H, GHORBANI A A. Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization[EB/OL]. https://www.scitepress.org/Link.aspx?doi=10.5220/0006639801080116, 2018-01-22.

主机	权重向量	属性分值向量	主机资产评分	主机资产权重
Host0	[0.169,0.371,0.259,0.201]	[1,3,3,3]	2.137	0.073
Host1	[0.48, 0.24, 0.16, 0.12]	[3,2,3,3]	2.76	0.117
Host2	[0.523,0.211,0.146,0.12]	[1,2,1,3]	1.135	0.039
Host3	[0.202,0.157,0.358,0.283]	[1,1,1,3]	0.824	0.028
Host4	[0.315,0.469,0.137,0.079]	[5,5,1,5]	4.452	0.153
Host5	[0.274,0.538,0.114,0.074]	[5,7,3,5]	5.848	0.201
Host6	[0.226,0.092,0.092,0.59]	[1,1,5,5]	3.728	0.128
Host7	[0.486,0.08,0.207,0.227]	[4,1,3,5]	3.780	0.13
Host8	[0.4975,0.7753,0.2372, 0.3084]	[1,2,1,5]	3.827	0.131

节点位置	漏洞CVE编号	评分
Host0-1	2017-3732	5.9（3.6,2.2）
Host0-2	2017-7849	5.5（3.6,1.8）
Host0-3	2017-8744	7.8（5.9,1.8）

主机	可用性权重	影响性权重	主机脆弱性评分	资产—漏洞评分
Host0	[0.169,0.168,0.164]	[0.106,0.166,0.228]	3.123	0.228
Host1	[0.229,0.271]	[0.153,0.347]	3.9989	0.468
Host2	0.5	0.5	3.8	0.148
Host3	0	0	0	0
Host4	[0.167,0.167,0.167]	[0.207,0.086,0.207]	3.123	0.228
Host5	[0.169,0.168,0.164]	[0.106,0.166,0.228]	4.522	0.692
Host6	0	0	0	0
Host7	[0.193,0.181,0.149]	[0.135,0.135,0.230]	4.0378	0.525
Host8	0	0	0	0

流量类型	样本数量/个
UDPflood	706
SYNflood	442
正常流量	357

样本类型	精确率	召回率	F1分数	样本数量
正常流量	0.0612	0.1289	0.083	357
攻击流量	0.5870	0.3850	0.4650	1148
综合分数	0.4623	0.3243	0.3744	1505